SEGURIDAD INFORMATICA, Firewall, parches, vacunas, antivirus, anti troyanos, spyware etc > Seguridad Informatica - Firewall - Virus - Troyanos - Spyware - Ad Aware - Malware
Tengo un Virus, ayuda! (SOLUCIONADO)
Mylenium69:
Aquí lo tienes:
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ AppleSyncNotifier AppleSyncNotifier (Verified) Apple Inc. c:\archivos de programa\archivos comunes\apple\mobile device support\bin\applesyncnotifier.exe
+ avast! avast! service GUI component (Verified) ALWIL Software c:\archivos de programa\alwil software\avast4\ashdisp.exe
+ Broadcom Wireless Manager UI Dell Wireless WLAN Card Wireless Network Tray Applet (Not verified) Dell Inc. c:\windows\system32\wltray.exe
+ iTunesHelper iTunesHelper Module (Verified) Apple Inc. c:\archivos de programa\itunes\ituneshelper.exe
+ NVHotkey NVIDIA Hotkey Service, Version 101.38 (Not verified) NVIDIA Corporation c:\windows\system32\nvhotkey.dll
+ nwiz NVIDIA nView Wizard, Version 110.96 (Not verified) NVIDIA Corporation c:\windows\system32\nwiz.exe
+ QuickTime Task QuickTime Task (Not verified) Apple Inc. c:\archivos de programa\quicktime\qttask.exe
+ SigmatelSysTrayApp Sigmatel Audio system tray application (Not verified) SigmaTel, Inc. c:\windows\stsystra.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
C:\Documents and Settings\Mayte\Menú Inicio\Programas\Inicio
+ ERUNT AutoBackup.lnk c:\archivos de programa\erunt\autoback.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown
HKLM\SOFTWARE\Classes\Protocols\Filter
HKLM\SOFTWARE\Classes\Protocols\Handler
+ skype4com Skype for COM API (Verified) Skype Technologies SA c:\archivos de programa\archivos comunes\skype\skype4com.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ avast avast! Shell Extension (Verified) ALWIL Software c:\archivos de programa\alwil software\avast4\ashshell.dll
+ TagRename_ContextMenu Tag&Rename shell extension (Not verified) Softpointer Inc c:\archivos de programa\tagrename\trshell.dll
+ WinRAR c:\archivos de programa\winrar\rarext.dll
HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
+ a2FreeContMenu a-squared Free shell extension (Verified) Emsi Software GmbH c:\archivos de programa\a-squared free\a2freecontmenu.dll
HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ WinRAR c:\archivos de programa\winrar\rarext.dll
HKCU\Software\Classes\Directory\Shellex\DragDropHandlers
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
+ WinRAR c:\archivos de programa\winrar\rarext.dll
HKCU\Software\Classes\Directory\Shellex\PropertySheetHandlers
HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers
HKCU\Software\Classes\Directory\Shellex\CopyHookHandlers
HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers
HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ dBpShell Class Provides dBpoweramp Shell Interaction (Not verified) Illustrate c:\archivos de programa\illustrate\dbpoweramp\dbshell.dll
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\archivos de programa\archivos comunes\adobe\acrobat\activex\pdfshell.dll
HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ a2FreeContMenu a-squared Free shell extension (Verified) Emsi Software GmbH c:\archivos de programa\a-squared free\a2freecontmenu.dll
+ avast avast! Shell Extension (Verified) ALWIL Software c:\archivos de programa\alwil software\avast4\ashshell.dll
+ TagRename_ContextMenu Tag&Rename shell extension (Not verified) Softpointer Inc c:\archivos de programa\tagrename\trshell.dll
+ WinRAR c:\archivos de programa\winrar\rarext.dll
HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
+ 00nView NVIDIA Desktop Explorer, Version 110.96 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
HKCU\Software\Microsoft\Ctf\LangBarAddin
HKLM\Software\Microsoft\Ctf\LangBarAddin
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ a-squared Free Context Menu Shell Extension a-squared Free shell extension (Verified) Emsi Software GmbH c:\archivos de programa\a-squared free\a2freecontmenu.dll
+ avast avast! Shell Extension (Verified) ALWIL Software c:\archivos de programa\alwil software\avast4\ashshell.dll
+ Context Menu Shell Extension Tag&Rename shell extension (Not verified) Softpointer Inc c:\archivos de programa\tagrename\trshell.dll
+ dBpoweramp Music Converter dMC Shell Module (Not verified) Illustrate c:\archivos de programa\illustrate\dbpoweramp\dmcshell.dll
+ Desktop Explorer NVIDIA Desktop Explorer, Version 110.96 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 110.96 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Extensión de paneo de pantalla del Panel de control File not found: deskpan.dll
+ iTunes iTunes Mini Player DLL (Verified) Apple Inc. c:\archivos de programa\itunes\itunesminiplayer.dll
+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 110.96 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ PhotoToys Windows XP PowerToys (Not verified) Microsoft Corporation c:\windows\system32\phototoys.dll
+ WinRAR shell extension c:\archivos de programa\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ &Yahoo! Toolbar Helper Yahoo! Toolbar (Verified) Yahoo! Inc. c:\archivos de programa\yahoo!\companion\installs\cpn0\yt.dll
+ Aplicación auxiliar de vínculos de Adobe PDF Reader Adobe PDF Helper for Internet Explorer (Verified) Adobe Systems, Incorporated c:\archivos de programa\archivos comunes\adobe\acrobat\activex\acroiehelper.dll
+ PDFCreator Toolbar Helper PDFCreator Toolbar c:\archivos de programa\pdfcreator toolbar\v3.3.0.1\pdfcreator_toolbar.dll
+ Spybot-S&D IE Protection SBSD IE Protection (Verified) Safer Networking Ltd. c:\archivos de programa\spybot - search & destroy\sdhelper.dll
+ SSVHelper Class Java(TM) Platform SE binary (Verified) Sun Microsystems, Inc. c:\archivos de programa\java\jre1.6.0_07\bin\ssv.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ Barra Yahoo! Yahoo! Toolbar (Verified) Yahoo! Inc. c:\archivos de programa\yahoo!\companion\installs\cpn0\yt.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ Barra Yahoo! Yahoo! Toolbar (Verified) Yahoo! Inc. c:\archivos de programa\yahoo!\companion\installs\cpn0\yt.dll
+ PDFCreator Toolbar PDFCreator Toolbar c:\archivos de programa\pdfcreator toolbar\v3.3.0.1\pdfcreator_toolbar.dll
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Extensions
HKLM\Software\Microsoft\Internet Explorer\Extensions
Task Scheduler
+ AppleSoftwareUpdate.job Apple Software Update (Verified) Apple Inc. c:\archivos de programa\apple software update\softwareupdate.exe
HKLM\System\CurrentControlSet\Services
+ a2free Scans the PC for unwanted software and provides protection from malicious code (Verified) Emsi Software GmbH c:\archivos de programa\a-squared free\a2service.exe
+ aawservice Ad-Aware service (Verified) Lavasoft AB c:\archivos de programa\lavasoft\ad-aware\aawservice.exe
+ Apple Mobile Device Proporciona la interfaz a los dispositivos móviles de Apple. (Verified) Apple Inc. c:\archivos de programa\archivos comunes\apple\mobile device support\bin\applemobiledeviceservice.exe
+ aswUpdSv Provides automatic updating for the avast! antivirus. (Verified) ALWIL Software c:\archivos de programa\alwil software\avast4\aswupdsv.exe
+ avast! Antivirus Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler. (Verified) ALWIL Software c:\archivos de programa\alwil software\avast4\ashserv.exe
+ Bonjour Service Bonjour permite que aplicaciones como iTunes y Safari anuncien y descubran servicios en la red local. Si tiene Bonjour en ejecución, le permitirá conectarse con dispositivos hardware como el Apple TV y con servicios de software, como archivos compartidos de iTunes y AirTunes. Si desactiva Bonjour, los servicios de red que dependan de él explícitamente no se podrán iniciar. (Verified) Apple Inc. c:\archivos de programa\bonjour\mdnsresponder.exe
+ wltrysvc Provides automatic configuration for the 802.11 adapter using the Broadcom supplicant. c:\windows\system32\wltrysvc.exe
HKLM\System\CurrentControlSet\Services
+ Aavmker4 avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP (Verified) ALWIL Software c:\windows\system32\drivers\aavmker4.sys
+ aswFsBlk avast! mini-filter driver (aswFsBlk) (Verified) ALWIL Software c:\windows\system32\drivers\aswfsblk.sys
+ aswMon2 avast! File System Filter Driver for Windows XP (Verified) ALWIL Software c:\windows\system32\drivers\aswmon2.sys
+ aswRdr avast! TDI RDR Driver (Verified) ALWIL Software c:\windows\system32\drivers\aswrdr.sys
+ aswSP avast! self protection module (Verified) ALWIL Software c:\windows\system32\drivers\aswsp.sys
+ aswTdi avast! TDI Filter Driver (Verified) ALWIL Software c:\windows\system32\drivers\aswtdi.sys
+ cercsr6 DELL CERC SATA1.5/6ch Miniport Driver (Not verified) Adaptec, Inc. c:\windows\system32\drivers\cercsr6.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP (Verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ UIUSys File not found: system32\DRIVERS\UIUSYS.SYS
+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ lsdelete (Verified) Lavasoft AB c:\windows\system32\lsdelete.exe
HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
HKLM\System\CurrentControlSet\Control\Session Manager\Execute
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\Software\Microsoft\Command Processor\Autorun
HKCU\Software\Microsoft\Command Processor\Autorun
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKCU\Control Panel\Desktop\Scrnsave.exe
+ C:\WINDOWS\SANS-L~1.SCR FotoAngelo (Not verified) ACD Systems Ltd. c:\windows\sans-logique-com-version2.scr
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
+ mdnsNSP Bonjour Namespace Provider (Not verified) Apple Inc. c:\archivos de programa\bonjour\mdnsnsp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ PDFCreator redmonnt EE (Extended Edition) (Not verified) internet-support foehr.com c:\windows\system32\pdfcmnnt.dll
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
+ BCMLogon Dell Wireless WLAN Card Logon Provider (Not verified) Dell Inc. c:\windows\system32\bcmlogon.dll
Mr_X:
Se ve limpio. Actualiza el Spybot S&D, el Adaware y el aSquared y pásalos iniciando en Modo seguro...
Mylenium69:
--- Cita de: Mr_X en 26 de Septiembre de 2008, 12:24:31 am ---Se ve limpio. Actualiza el Spybot S&D, el Adaware y el aSquared y pásalos iniciando en Modo seguro...
--- Fin de la cita ---
Tengo que vaciar el baúl del Avast???
También he visto que en la carpeta donde aparecía ese virus, quedan 3 archivos con nombre parecidos, los elimino?? :???:
SEguiré los pasos que me indicas, muchas gracias! ;-)
Mylenium69:
En la carpeta de Datos de programa me aparecen estos archivos DAT:
qgwso
qgwso_nav
qgwso_navps
Mr_X:
Bórralos.
Navegación
[#] Página Siguiente
[*] Página Anterior
Ir a la versión completa